package com.wzapp.sitposture.authentication.config;

import com.wzapp.sitposture.authentication.endpoint.CustomizedAuthenticationEntryPoint;
import org.springframework.boot.autoconfigure.thymeleaf.ThymeleafAutoConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * 功能: <br/>
 *
 * @author ql
 * @version 0.4
 * @create 2018-05-30 16:44
 **/
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .csrf().disable()
                .exceptionHandling().authenticationEntryPoint(new CustomizedAuthenticationEntryPoint())
                .and()
                .authorizeRequests()
                .antMatchers("/","/notify/**","/wexin/share/varify","/orders/webhook","/setup/info",
                        "/eShop/orderPays/**","/authentication/wexins/callback","/authentication/qqs/callback","/authentication/weibos/callback","/download"
                        ,"/h5/**","/static/**").permitAll()
                //设置则放过没有权限要求的接口
//                .anyRequest().permitAll();
                //设置则需要所有接口都有access_token
                .anyRequest().authenticated()
                .and()
                .httpBasic();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.authenticationEntryPoint(new CustomizedAuthenticationEntryPoint());
    }
}
